U.S. preparing indictment against Iranian hackers of NY dam

U.S. authorities are reportedly preparing to issue an indictment against Iranian hackers believed to have carried out acyber attack against a New York dam.

U.S. authorities are reportedly preparing to issue an indictment against Iranian hackers believed to have carried out an intrusion of a New York dam. The incident was a defining moment in the brewing cyber tensions between the U.S. and Iran.

The intrusion of the Bowman Avenue Dam in Rye Brook, N.Y., was not a high-level attack. However, it represents a threat that U.S. officials are not eager to see repeated. The incident also punctured the confidence of critical infrastructure executives. A year ago, 61 percent of critical infrastructure executives projected that their organizations could spot a cyber attack within 24 hours.

In recent years, Iran has toiled to improve its cyber capabilities, spurred initially by the U.S. and Israel's joint attacks against the Iranian nuclear program through Stuxnet and the Flame malware.

The U.S. reportedly developed an arsenal of cyberattacks to use against Iran in case talks to dismantle the nuclear program did not materialize.

“We've seen a proliferation of nation-state attacks on infrastructure this year from Iran, North Korea and China," wrote Leo Taddeo, CSO at Cryptzone, and former Special Agent in Charge of the NY Cybercrime division of the FBI, in an email obtained by SCMagazine.com. "We need to make it more difficult and expensive for these criminals to do what they are doing."

The expected indictment of the Iranian attackers bears similarity to the move by U.S. officials in October, in which the Chinese companies that officials believed profited from a corporate cyberespionage campaign were named.

UPDATE: An earlier version of this article stated that security researcher Brian Wallace discovered the Bowman Avenue Dam intrusion. Cylance, Wallace's employer, clarified that DHS notified the officials in the city of Rye of the attack. Wallace worked on research involving Operation Cleaver, a separate cyber incident that was conducted by the same group, according to Cylance.